Commit ec6a08bf authored by Chaoting Liu's avatar Chaoting Liu
Browse files

qt5-webengine: compile without icu, sync patch with Arch

parent b4377b79
......@@ -8,27 +8,39 @@ license=('LGPL3' 'LGPL2.1' 'BSD')
pkgdesc='Provides support for web applications using the Chromium browser project'
depends=('qt5-webchannel' 'qt5-location' 'libxcomposite' 'libxrandr' 'pciutils' 'libxss'
'libevent' 'snappy' 'nss' 'libxslt' 'minizip' 'ffmpeg' 're2' 'libvpx')
makedepends=('python2' 'git' 'gperf' 'jsoncpp' 'ninja' 'qt5-tools')
makedepends=('python3' 'git' 'gperf' 'jsoncpp' 'ninja' 'qt5-tools' 'poppler')
groups=('qt5')
options=('debug')
_pkgfqn="${pkgname/5-/}-everywhere-src-${pkgver}"
source=("http://download.qt.io/official_releases/qt/${pkgver%.*}/$pkgver/submodules/${_pkgfqn}.tar.xz"
qtwebengine-harmony.patch)
qtbug-76958.patch
qtwebengine-glibc-2.29.patch
qtbug-77037-workaround.patch
qtbug-76958.patch
qtbug-76913.patch
qtbug-76963.patch)
sha256sums=('e0af82ecee1ab41b6732697f667b98b7b0c53164bebcfaad8070e88b2e064efe'
'feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3')
'eef55340b3ec5f8d1020b7327eda67f86729aaf70107c688deb15083f5ca8fbc'
'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
'3e3bb8ecf292e7f249d001db4a4a072ca4ba38f713f496122bd7c73d93d5def9'
'eef55340b3ec5f8d1020b7327eda67f86729aaf70107c688deb15083f5ca8fbc'
'5771af2442d7743ef7c59f0d3716a23985383e2b69ecb4fa9d4ea8e8f7c551fa'
'390607db2967cfbb2741109a15914ff046a6cd91c374f79a9d4d98c8399958c6')
prepare() {
mkdir -p build
# Hack to force using python2
# Hack to force using python3
mkdir -p bin
ln -s /usr/bin/python2 bin/python
ln -s /usr/bin/python3 bin/python
cd ${_pkgfqn}
patch -p1 -i ../qtbug-76913.patch # Fix crashes on media-heavy sites
patch -p1 -i ../qtbug-76958.patch # Fix crash when loading tabs on the background
patch -p1 -i ../qtbug-77037-workaround.patch # Link to pulseaudio to avoid header mismatch
patch -p1 -i ../qtbug-76963.patch # Fix SIOCGSTAMP error after glibc update
# FreeType 2.8.1
patch -Np1 -i ../qtwebengine-harmony.patch
cd src/3rdparty/chromium
patch -p1 -i "$srcdir"/qtwebengine-glibc-2.29.patch # Fix PPAPI plugins with glibc 2.29
}
build() {
......@@ -39,8 +51,8 @@ build() {
-proprietary-codecs \
-system-ffmpeg \
-webp \
-spellchecker \
-webengine-icu
-spellchecker
# -webengine-icu
make
}
......
From 4746bb904bf6841137d5b50357bf79c852bf5d06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCri=20Valdmann?= <juri.valdmann@qt.io>
Date: Thu, 4 Jul 2019 15:38:05 +0200
Subject: Null check result of consuming mailbox texture
Fixes: QTBUG-76913
Change-Id: Ib036121f366d037d507f59bf31c3ab9c79bfea5e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
src/core/compositor/compositor_resource_tracker.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/compositor/compositor_resource_tracker.cpp b/src/core/compositor/compositor_resource_tracker.cpp
index 73242c69..741c2717 100644
--- a/src/core/compositor/compositor_resource_tracker.cpp
+++ b/src/core/compositor/compositor_resource_tracker.cpp
@@ -174,7 +174,8 @@ quint32 CompositorResourceTracker::consumeMailbox(const gpu::MailboxHolder &mail
DCHECK(mailboxManager);
if (mailboxHolder.sync_token.HasData())
mailboxManager->PullTextureUpdates(mailboxHolder.sync_token);
- return service_id(mailboxManager->ConsumeTexture(mailboxHolder.mailbox));
+ gpu::TextureBase *tex = mailboxManager->ConsumeTexture(mailboxHolder.mailbox);
+ return tex ? service_id(tex) : 0;
#else
NOTREACHED();
#endif // QT_CONFIG(OPENGL)
--
cgit v1.2.1
diff --git a/src/core/web_contents_adapter.cpp b/src/core/web_contents_adapter.cpp
index c4f4591e..dc005b62 100644
--- a/src/core/web_contents_adapter.cpp
+++ b/src/core/web_contents_adapter.cpp
@@ -671,19 +671,23 @@ void WebContentsAdapter::load(const QWebEngineHttpRequest &request)
}
}
- auto navigate = [](WebContentsAdapter *adapter, const content::NavigationController::LoadURLParams &params) {
+ auto navigate = [](QWeakPointer<WebContentsAdapter> weakAdapter, const content::NavigationController::LoadURLParams &params) {
+ WebContentsAdapter *adapter = weakAdapter.data();
+ if (!adapter)
+ return;
adapter->webContents()->GetController().LoadURLWithParams(params);
// Follow chrome::Navigate and invalidate the URL immediately.
adapter->m_webContentsDelegate->NavigationStateChanged(adapter->webContents(), content::INVALIDATE_TYPE_URL);
adapter->focusIfNecessary();
};
+ QWeakPointer<WebContentsAdapter> weakThis(sharedFromThis());
if (resizeNeeded) {
// Schedule navigation on the event loop.
base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI},
- base::BindOnce(navigate, this, std::move(params)));
+ base::BindOnce(navigate, std::move(weakThis), std::move(params)));
} else {
- navigate(this, params);
+ navigate(std::move(weakThis), params);
}
}
From: Jiri Slaby <jslaby@suse.cz>
Date: Thu, 11 Jul 2019 09:35:13 +0200
Subject: fix build after y2038 changes in glibc
Patch-mainline: submitted on 2019/07/11
References: QTBUG-76963
SIOCGSTAMP is defined in linux/sockios.h since kernel 5.2. Include that
file wherever needed.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
chromium/third_party/webrtc/rtc_base/physical_socket_server.cc | 1 +
1 file changed, 1 insertion(+)
--- a/src/3rdparty/chromium/third_party/webrtc/rtc_base/physical_socket_server.cc
+++ b/src/3rdparty/chromium/third_party/webrtc/rtc_base/physical_socket_server.cc
@@ -67,6 +67,7 @@ typedef void* SockOptArg;
#endif // WEBRTC_POSIX
#if defined(WEBRTC_POSIX) && !defined(WEBRTC_MAC) && !defined(__native_client__)
+#include <linux/sockios.h>
int64_t GetSocketRecvTimestamp(int socket) {
struct timeval tv_ioctl;
--
2.21.0
--- qtwebengine-everywhere-src-5.13.0/src/core/config/linux.pri.orig 2019-08-06 08:23:45.385072740 +0300
+++ qtwebengine-everywhere-src-5.13.0/src/core/config/linux.pri 2019-08-06 08:23:51.085237082 +0300
@@ -162,7 +162,7 @@ host_build {
qtConfig(webengine-system-harfbuzz): gn_args += use_system_harfbuzz=true
!qtConfig(webengine-system-glib): gn_args += use_glib=false
qtConfig(webengine-pulseaudio) {
- gn_args += use_pulseaudio=true
+ gn_args += use_pulseaudio=true link_pulseaudio=true
} else {
gn_args += use_pulseaudio=false
}
From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
From: Matthew Denton <mpdenton@chromium.org>
Date: Wed, 24 Apr 2019 15:44:40 +0000
Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
posix_spawn/vfork
Glibc's system() function switched to using posix_spawn, which uses
CLONE_VFORK. Pepperflash includes a sandbox debugging check which
relies on us EPERM-ing process creation like this, rather than crashing
the process with SIGSYS.
So whitelist clone() calls, like posix_spawn, that include the flags
CLONE_VFORK and CLONE_VM.
Bug: 949312
Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#653590}
---
.../baseline_policy_unittest.cc | 29 +++++++++++++++++++
.../syscall_parameters_restrictions.cc | 13 +++++++--
2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
index cdeb210ccb..40fcebf933 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
@@ -10,7 +10,9 @@
#include <sched.h>
#include <signal.h>
#include <stddef.h>
+#include <stdlib.h>
#include <string.h>
+#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
BPF_ASSERT_EQ(EPERM, fork_errno);
}
+BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
+ errno = 0;
+ int ret_val = system("echo SHOULD NEVER RUN");
+ BPF_ASSERT_EQ(-1, ret_val);
+ BPF_ASSERT_EQ(EPERM, errno);
+}
+
+BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
+ errno = 0;
+ // Allocate a couple pages for the child's stack even though the child should
+ // never start.
+ constexpr size_t kStackSize = 4096 * 4;
+ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
+ BPF_ASSERT_NE(child_stack, nullptr);
+ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
+ static_cast<char*>(child_stack) + kStackSize, nullptr,
+ nullptr, nullptr);
+ const int clone_errno = errno;
+ TestUtils::HandlePostForkReturn(pid);
+
+ munmap(child_stack, kStackSize);
+
+ BPF_ASSERT_EQ(-1, pid);
+ BPF_ASSERT_EQ(EPERM, clone_errno);
+}
+
BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
base::Thread thread("sandbox_tests");
BPF_ASSERT(thread.Start());
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 100afe50e3..348ab6e8c5 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -135,7 +135,8 @@ namespace sandbox {
#if !defined(OS_NACL_NONSFI)
// Allow Glibc's and Android pthread creation flags, crash on any other
// thread creation attempts and EPERM attempts to use neither
-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
+// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
+// present (as in newer versions of posix_spawn).
ResultExpr RestrictCloneToThreadsAndEPERMFork() {
const Arg<unsigned long> flags(0);
@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
flags == kGlibcPthreadFlags);
+ // The following two flags are the two important flags in any vfork-emulating
+ // clone call. EPERM any clone call that contains both of them.
+ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
+
+ const BoolExpr is_fork_or_clone_vfork =
+ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
+ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
+
return If(IsAndroid() ? android_test : glibc_test, Allow())
- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
+ .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
.Else(CrashSIGSYSClone());
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment